76

I'm just wondering what is the equivalent of

apt-get upgrade
apt upgrade
yum update

with OpenWRT or LEDE?

Evan Carroll
  • 30,763
  • 48
  • 183
  • 315

7 Answers7

148

There no single command or argument, but you can easily do it. To upgrade all of the packages, LEDE recommends,

opkg list-upgradable | cut -f 1 -d ' ' | xargs -r opkg upgrade

There are other less efficient ways where people use AWK and such.

An important caveat often follows with extensive use of LEDE / OpenWRT's opkg

Since OpenWrt firmware stores the base system in a compressed read-only partition, any update to base system packages will be written in the read-write partition and therefore use more space than it would if it was just overwriting the older version in the compressed base system partition. It's recommended to check the available space in internal flash memory and the space requirements for updates of base system packages.

Evan Carroll
  • 30,763
  • 48
  • 183
  • 315
  • 1
    another way to do this is with a shell for loop. e.g.> for a in `opkg list-upgradable | cut -f 1 -d ' '` ; do opkg upgrade "$a" ; done – Scott Jul 24 '18 at 14:29
  • 1
    "There are other less efficient ways where people use AWK and such" is a bit snide. awk '{print$1}' has just as few characters as that cut command and awk isn't fooled by multiple spaces (its delimiter is an ~extended regex that defaults to [[:space:]]+). OpenWRT doesn't have enough packages for @Scott's above command to be problematic, but using xargs would avoid errors regarding a command line that's too long (since \…`` and $(…) are fully expanded before running a command that uses them). – Adam Katz Feb 15 '20 at 23:07
  • hehe, yeah and often times when you look inside tools like opkg, you find out it's a script using awk and sed or a compiled binary doing essentially the same things in whatever language was used to build it. – Scott Feb 17 '20 at 02:12
  • 1
    There seems to be some indication that this may be a terrible idea and isn’t actually supported by OpenWRT in any official way (which may account for the lack of any simple GUI way of performing this function): https://forum.openwrt.org/t/okpg-upgrade-safeguards/30326 https://forum.openwrt.org/t/opkg-upgrade-vs-flashing-sysupgrade/58906 https://forum.openwrt.org/t/sysupgrade-instead-of-opkg-upgrade/32897/4 I'm not an openWRT expert, but this is still a top search result for "updating openwrt" and seems to be giving what may be very bad advice. – J. Reis Apr 19 '20 at 23:03
  • 1
    @JustinReis the answer is batting 65:0. I wouldn't call it terrible. ;) That said, if you don't have enough NVRAM on the machine to store the uncompressed updates, it's terrible. But that caveat has been in the answer since day 1. – Evan Carroll Apr 20 '20 at 15:34
25

As far as I can tell the correct answer to this question is that there is no equivalent for apt upgrade on OpenWrt and no set of commands that will create equivalent functionality. OpenWrt repos aren't maintained with the intention of keeping end user's packages updated (you're expected to move from release to release by flashing) and opkg does not handle or even check dependencies.

There's an infobox warning for the OpenWRT User Guide that addresses this topic which sates in part:

Generally speaking, the use of opkg upgrade is very highly discouraged. It should be avoided in almost all circumstances. In particular, bulk upgrading is very likely to result in major problems, but even upgrading individual packages may cause issues. It is also important to stress that this is distinctly different from the sysupgrade path for upgrading OpenWrt releases (major versions as well as maintenance upgrades). opkg upgrade will not update the OpenWrt version. Only sysupgrade can do that. The two are not equivalent.

Unlike the 'big distros' of Linux, OpenWrt is optimized to run on systems with limited resources. This includes the opkg package manager, which does not have built-in ABI (Application Binary Interface) compatibility and kernel version dependencies verification. Although sometimes there may be no issues, there is no guarantee and the upgrade can result in various types of incompatibilities that can range from minor to severe, and it may be very difficult to troubleshoot. In addition, the opkg upgrade process will consume flash storage space. Since it does not (and cannot) overwrite the original (stored in ROM), it must store the upgraded packages in the r/w overlay.

It sums up with:

Blindly upgrading packages (manually or via script) can lead you into all sorts of trouble.

Just because there is an updated version of a given package does not mean it should be installed or that it will function properly. Inform yourself before doing any upgrades to determine if it is safe to upgrade.

and finally

There are two ways to manage/install packages in OpenWrt: with the LuCI web interface Software menu (System > Software), and via the command line interface (CLI). Both methods invoke the same CLI opkg executable, and as of OpenWrt 19.07.0, the LuCI interface now has an 'Updates' tab with a listing of packages that have available upgrades. The LuCI Upgrade… button performs the same opkg upgrade command that is discussed in this article. The same warnings apply to upgrading packages using LuCI and the CLI.

The whole infobox is worth reading. It appears at the top of this section of the User Guide about showing available package upgrades.

Remaining content of my original post preserved below

Quotes from the OpenWrt forums:

Those of us who have more experience with OpenWrt know that it is a bad idea to use opkg upgrade (unless there is a very specific reason) as things can break. But many other users do not know -- they assume that it is just like any other linux installation and that the upgrades should work most of the time.

and

DO NOT USE OPKG UPGRADE!

Seriously, don't. Ever. Unless you know what you are doing, have a very good reason to do it, and are willing to face the consequences if you mess up your router when it doesn't go well. It will consume flash memory space, but even more importantly, there can be kernel mismatches and other broken dependencies which can cause various issues for OpenWrt -- some of them just at the nuisance level, others can be quite severe requiring re-flashing and such.

and

Never, ever use opkg upgrade - this method will likely cause you major problems and does not actually upgrade the version. Some people will say that they have used opkg upgrade successfully, but for every one of those people, there are many more who have problems caused entirely by that process - some minor, some major. Just don’t do it

In short, there is a reason there isn't a GUI option included in LUCI for performing this action. The methods being suggested for use in other answers here will achieve something similar to apt/apt-get but the underlying tools simply do not work the same way as apt or yum. The possible problems go beyond the mentioned possibility of running out of storage space (which is bad, but can be avoided if careful).

References: https://forum.openwrt.org/t/okpg-upgrade-safeguards/30326
https://forum.openwrt.org/t/opkg-upgrade-vs-flashing-sysupgrade/58906
https://forum.openwrt.org/t/sysupgrade-instead-of-opkg-upgrade/32897/4

I'm not an OpenWRT expert, I arrived at this thread because it is still a top web search result for 'updating wrt'. After reading this thread, I continued to the OpenWrt forums, including the threads linked above. I'm only trying to help end users avoid future problems by passing on information I've found which was presumably written by those more familiar/knowledgeable on the subject than I am.

Those who wish to continue advocating the use of various commands to keep packages up to date on OpenWrt, please consider taking the time to verify with the OpenWrt team that this is a reasonable way to use the tools provided. I'd love to be proven wrong.

J. Reis
  • 359
  • "please consider taking the time to verify with the OpenWrt team" why don't you get the team to update their docs to include the caveat you believe the docs require. Then I'll update the answer and the world will be better. Telling people some guys on a forum basically said it's poopoo and taking that word as gospel shows less effort than you're demanding from others. You seem very passionate about it. Go update the official docs, then we update the official answer with that caveat. Everything is golden! – Evan Carroll Apr 27 '20 at 20:13
  • 4
    Broadly, because I'm not the one making the claim that pulling a list of updated packages from the repo and xarg that list into opkg is a good idea. It's your claim, if you cared about the people you're passing this advice onto, you'd check out the concerns I've raised yourself. It isn't my job to safety check your answers. That's a responsibility you should take on when you provide the answer and post it publicly. The answer I provided is that "there is no functionality on OpenWrt that is equivalent to 'apt upgrade'||'yum update'. I believe that answer is correct. – J. Reis Apr 29 '20 at 19:45
  • 1
    You don't think it's your responsibility to talk to devs about your security conjectures before you passionately air them over the internet and without making any attempt to correct the official docs which lack any acknowledgement of those conjectures? I do. Moreover, you don't think it's your responsibility to talk to the party you're referring others to? I certainly do. You think that party wants 68,000 people coming to them to verify your claims because you were too lazy to do it yourself? – Evan Carroll Apr 29 '20 at 20:12
  • 7
    Why are we having this conversation? I have a router with OpenWrt and, interested in updates, came to this thread. Then I did more reading and realized that opkg isn't a full re-implementation of apt & doesn't handle deps, etc. and that there was, therefore a real risk of borking a system if using it for more than single pkg, spot upgrades. So I tried to update this thread with that information for the benefit of those who came after. You clearly have no interest in meaningful engagement with this information, so why do you care that it's here? Future readers can decide for themselves yes? – J. Reis Apr 30 '20 at 21:24
  • 2
    Those recommendations from the forums are simply absurd. Routers must always be kept up-to-date and they are the primary attack surface for SOHO networks. There's no such thing as better stay vulnerable than to break a setup that can be later fixed. https://www.arnnet.com.au/article/685702/flaws-widely-used-dnsmasq-software-leave-millions-linux-based-devices-exposed/ – hdante Feb 08 '21 at 19:02
  • 1
    "Absurd" is a bit hyperbolic. The recommendation is to update your OpenWRT by moving from point release to point release and to avoid updating individual packages in between releases. This is exactly the same procedure as you would be doing if you stayed with the factory firmware … except that OpenWRT actually has updated releases, unlike a lot of abandoned vendor software. You're not wrong about the centrality of router software to security or the subsequent importance of routers getting updates … but no one here is arguing against updating. Just the method of accessing those updates. – J. Reis Feb 10 '21 at 03:46
  • When I go to System ➜ Software in Luci I can upgrade packages there. Just not all at once. The updated packages are for specific releases and in the openwrt repository. Claiming that they are not intended to be used doesn't make any sense. – life-on-mars Apr 27 '21 at 11:55
  • There's an infobox warning now on the subject in OpenWRT's User Guide: https://openwrt.org/meta/infobox/upgrade_packages_warning which says "Generally speaking, the use of opkg upgrade is very highly discouraged. It should be avoided in almost all circumstances. In particular, bulk upgrading is very likely to result in major problems, but even upgrading individual packages may cause issues. It is also important to stress that this is distinctly different from the sysupgrade path for upgrading OpenWrt releases (major versions as well as maintenance upgrades). The two are not equivalent." – J. Reis Apr 29 '21 at 06:25
  • My understanding from this (and the forum content posted previously) is that the intended upgrade path is to use sysupgrade to move between release versions. opkg upgrade has uses, but keeping your system up to date isn't one of them. The system is very roughly equivalent to Debian's backports. Packages are added as they get updated, but aren't tested for use with eachother or the frozen versions of the current release. Many will work fine, but there's a chance that they will break in weird ways. The more packages you pull that weren't part of the release the more likely problems become. – J. Reis Apr 29 '21 at 06:32
14

I have created a little script called opkg-upgrade to deal with upgrading in a better way.

It is available on github:
https://github.com/tavinus/opkg-upgrade

It will make upgrading as easy as:
opkg-upgrade

Curl / Wget installation instructions here!

As mentioned on the readme.md file, there may be problems with upgrading though.

Possible problems:

  • The squashfs problem (ROM is read-only, so upgrades takes extra space on flash or extroot).
  • The dev/trunk (beta) problem (the beta versions can be soft-bricked on upgrades).
  • The space problem (need enough free space for the downloads and installs).

I should also mention that upgrading from CRON is a very bad idea!
I would say that not even on a regular Linux distro blind upgrades are a good idea.
There are many things that can go wrong on upgrades and since OpenWrt usually runs on devices that can be bricked, it makes even less sense to do it unattended.

In short, the only cases where I would EVER upgrade are:

  • If using extroot on a huge USB stick
  • If internal Flash is 32Mb or bigger
  • If NOT using dev/trunk (beta)
  • If running on ext4 FS with plenty of space (x86 metal, VM, et. all)

Still, I would never upgrade from cron.
I would also think 20 times before upgrading internal Flash (even big ones), since that would degrade it faster.

My script has the option to send an e-mail report with the available updates.
So I would recommend to add the reporting tool to cron, and then people can upgrade manually after receiving the e-mail. This makes things safer while also giving the option to revise the upgrades.

Cheers!
Gus

Gus Neves
  • 261
5

As of OpenWrt 19.07, performing opkg upgrade [pkgname] may throw this error.

Collected errors:
 * pkg_hash_add_from_file: Failed to open /var/opkg-lists/openwrt_routing: Out of memory.

A workaround is to use opkg install instead, which is the same as how luci-app-opkg upgrades packages.

opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg install
KagurazakaKotori
  • 151
2

If you get error like this

try to upgrade each file separately in while:

opkg list-upgradable | cut -f 1 -d ' ' | while IFS='$\n' read -r line; do opkg install $line ; done
andreykyz
  • 121
2

This does the job too:

opkg upgrade $(opkg list-upgradable|awk '{printf $1" "}')
Chris
  • 4,091
0

On my NanoPI R6S there are 496 packages to update on the default image. I noticed that it takes a very long time and unless the entire command finishes, I have to start over.

This script does it 50 at a time and is much quicker if there are problems. It uses parts of the other answers (thanks!)

opkg update && opkg list-upgradable | cut -f 1 -d ' ' | xargs -n 50 opkg upgrade
Toby Speight
  • 8,678
erg
  • 21
  • 1
    The chosen answer users xargs, which provides an -n, option will do exactly what you want. you can use it like this seq 1 50 | xargs -n 5 echo. that is to say, if you're using xargs you should never hand over just some of the arguments. You should instead hand over all the arguments and tell it how many you want to run in a batch. – Evan Carroll Jul 19 '23 at 18:47